home

BrassSearch.FFUpdate.dll

Brass Search

FFUpdate is the Mozilla Firefox plugin manager for the Brass Search branded Yontoo adware browser platform. The component is designed to install and keep Firefox connected to the adware updater. The module BrassSearch.FFUpdate.dll by Brass Search has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Brass Search  (signed and verified)

Version:
1.0.5442.38828

MD5:
9455fd339bb9809b110bb22ec9cef2b3

SHA-1:
8b8939aeba9166671571969e20d667d4f08f3808

SHA-256:
3a9f6cba2238bc628adeb8e75f01bc6742af4ab2fd4056853e3ed5d38abdc9b5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser plugin for Firefox.

Analysis date:
11/23/2024 6:52:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.3.16.1

File size:
546.3 KB (559,400 bytes)

Product version:
1.0.5442.38828

Original file name:
BrassSearch.FFUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\brass search\bin\plugins\brasssearch.ffupdate.dll

Digital Signature
Signed by:
Brass Search

Authority:
VeriSign, Inc.

Valid from:
3/13/2014 7:00:00 PM

Valid to:
3/14/2015 6:59:59 PM

Subject:
CN=Brass Search, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Brass Search, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79A7A4116AA48D85E401C00C69AD38D7

File PE Metadata
Compilation timestamp:
11/26/2014 12:34:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x886E6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 70, 00, 00, 00, 28, 87, 08, 00, 28, 69, 08, 00, 52, 53, 44, 53, D6, 6D, D2, BD, BD, 84, BF, 47, B7, 9A, 2A, DD, 99, 2E, AF, 26, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 74, 30, 72, 64, 6F, 78, 7A, 78, 2E, 33, 6A, 69, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 
[+]

Entropy:
7.4977

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
538 KB (550,912 bytes)

Remove BrassSearch.FFUpdate.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.